Stuxnet hits India the most

It’s being described as the new cyber WMD and may have crippled an Iranian nuclear plant, but one cybersecurity company has estimated that the worm, Stuxnet, may have its largest footprint in India.

Another expert has put forward a conjecture that the failure of the INSAT 4B satellite this summer may have been due to this cyber superweapon.

According to data posted by Alexander Gostev, Chief Security Expert at Kaspersky Lab, India has topped the list of the most infected countries.

While clarifying that the data had been collected from Kaspersky’s personal product line, the numbers are still worrisome. Since Stuxnet was first detected in July, the number of infections in India in the first five days was at over 8,500 with just over 5000 in Indonesia and a little over 3000 in Iran, the top three countries.

The latest data set, between September 20 and 25, makes it clear that the problem is still raging in India, which again heads the list with over 8,000 infections, trailed by Indonesia with about 3000 and Kazakhstan with approximately 1300. The numbers of Iran dipped to 765.

Gostev noted in the analysis: “Iran managed to significantly cut its infection rate by cleaning many infected systems. If this trend is maintained, then Iran will stop being one of the centres of the epidemic. India, on the other hand, has stayed more or less at the same level; it is encouraging, though, the epidemic doesn’t seem to be on the rise.”

Iran has been projected as the epicenter of the Stuxnet epidemic. Iran’s nuclear infrastructure near Bushehr had been beset by problems caused by the worm which the Iranian regime has claimed was part of cyberwarfare being conducted possibly by Israel and the United States.

Meanwhile, the threat posed by Stuxnet to India has been alluded to by Jeffrey Carr, author of Inside Cyber Warfare, who has drawn a link between the failure of INSAT 4B and Stuxnet.

In Forbes’ The Firewall blog, Carr that the satellite was operated by the Indian Space Research Organisation or ISRO which “is a Siemens customer.

According to the resumes of two former engineers who worked at the ISRO’s Liquid Propulsion Systems Centre, the Siemens software in use is Siemens S7-400 PLC and SIMATIC WinCC, both of which will activate the Stuxnet worm.”

Siemens control systems, like those used in Iran, have been reported as the most vulnerable to this particular worm.

While data may vary according to the company undertaking the assessment, other reports have also made it clear that India is within the top three in terms of infections, along with Iran and Indonesia.

A report in September from Symantec pointed out that while 58 per cent of infections were in Iran, about 18 per cent was in Indonesia and nearly 10 per cent in India.